The scenarios I read about cyberwar have always struck me as crude and more than a little bit pointless.
At various times in my career I tried to point out that cyberwar attacks don’t make any sense at all unless they are part of a strategic program that is likely to confer some benefit on the attacker. The last decade of “OMG! The evil Chinese might shut down our power grid!” has been embarrassing; it shows how poor American security practitioners’ (most particularly in the policy centers and intelligence community) strategic vision appears to be. Why would China collapse the US power grid? One does not simply do such things for entertainment, nor does one allow one’s target to know such a capability exists, unless it’s the right time and place to do so. The kind of unsubtle, brute-force, cyberwar scenarios we’ve been treated to – they’re simplistic.
Let’s look at a cyberattack scenario that’s the kind of thing a strategic genius would come up with. It did not happen, but it could have. And (and this is the point!) if it did, knowing for sure would be very difficult. The STUXNET attacks on the Iranian nuclear reactor at Bushehr, and the centrifuge cascade at Natanz, would have been attacks of similar subtlety if the US had been able to keep from publicly gloating over it. One of the problems I used to point out about cyberwar is what I called the “who would win, anyway” problem – it is a bad idea to launch attacks against a state that you can’t defeat if they retaliate by attacking conventionally. Put differently: Russia may launch cyberattacks on Estonia, but Estonia would be making a very ill-advised move if they launched cyberattacks on Russia. This leads to cyberwar becoming what I call a “weapon of privilege” – I can use it on you, but if you use it on me in a dream you’d better wake up and apologize.
It would be fun to fictionalize this a bit – I can imagine Martin Cruz Smith turning this into one of his subtle, murky, downbeat and grungy spy stories, like Polar Star. I can totally see Arkady Renko being tasked with figuring out what happened. And, in the end it turns out to be a tale of mere drunkenness and poor maintenance, not cyberwar. If any of you are good fiction-writers, thinking you’d like to pitch a made-for-TV series on cyberwar – it’s a timely topic indeed; there is a ghostly world that exists below the level we usually see, in which governments inflict extremely expensive damage on each other as a way of influencing their foreign policy. The Department of Spoiler Operations lives.
So, I want you to imagine that this was deliberate. Someone hooked their claws into the system that controls some electric motors that drive some pumps, so that they could be remotely kill-switched. In today’s hardware environment, with all the CPUs containing backdoors, and all the motherboard BIOSes compromised, it could be any computer, really. There’s a guy who works at the docks, he goes to a bar and sits outside at a table, drinking a couple of beers. Another guy sits down and asks him how his wife is doing, “She’s put on a lot of weight” he says. “Oh, really?” says the second guy, “that’s … interesting.” Then the first guy says, “but that is nothing. My mother-in-law is coming to visit and will stay for several months.” The second guy sits back on the rear legs of his chair and thinks for a while, “Maybe we can plan something for her.”
[drive]
Details remain limited and are likely to change, but what we do know is that one of the world’s largest floating dry docks, known as PD-50, has sunk while Russia’s aircraft carrier Admiral Kuznetsov was aboard. According to reports, the dry dock began to sink suddenly, collapsing cranes onto the carrier’s deck and sending shipyard workers scrambling for their lives.
The updated story is that the electrical motors that drove the pumps that kept the water out – failed. The drydock began taking on water and sank, pulling cranes down onto the Kuznetsov and tearing a great big hole in the deck and the side. Unfortunately, several people were killed.
The official story, at least as it sits now, is that the pump system that controls the dry dock’s buoyancy suddenly lost power causing its ballast tanks to flood with water far past the intended point. As the dry dock quickly submerged, cranes came crashing down onto the Kuznetsov’s deck (see below). Supposedly all this happened during a refloating operation for the carrier.
Initially it sounded like the Kuznetsov came through the experience more or less intact, but later it came out that a “5 meter long gash” was torn in the hull near the water-line. Since the drydock was sinking, it probably means that an amount of water came into the aircraft carrier, suddenly.
But then the story evolved further. Technical accidents with large things the size of an aircraft carrier are often much more complicated than they seem at first. You’ve got an aircraft carrier attached to a sunken dry dock, you can’t just waft it out of there like a summer breeze. Meanwhile every day that goes by does more damage to the ship and the dock.
The cyberwar scenario also involves target and supply-chain analysis. What if the attacker realized that the Russians only have one dry-dock of sufficient size? Suddenly, they have their finger on a weak spot in an entire supply chain: you can cause a failure in one point that has a ripple effect that is huge. I’ve heard similar hypotheses for how the US electrical grid’s supply chain could be vulnerable to resource exhaustion attacks – they only have a very small number of generators/parts for generators of size “gigantic” and, if something bad happened to 3 or 4 simultaneously, it might take months to replace them. That sounds like code for: “we’d have to buy them from China and boat them over” – which would be a problem if the Chinese say, “no, sorry. #tradewar. no generators for you!”
Apparently the situation is sinking in: [ars]
Russian officials have now acknowledged that the October 29 accident involving Russia’s only aircraft carrier and largest floating dry dock has made continuing the refit of the ship impossible. The dry dock, the PD-50, was the only one available capable of accommodating the 55,000 ton Admiral Kuznetsov. As a result, the completion of the refit of the ship is now delayed indefinitely.
The PD-50, built by a Swedish shipyard in 1980 for the Soviet Union, sank in an uncontrolled “launch” of the Kuznetsov and came to rest on the sloping bottom of the harbor at Murmansk. Two cranes collapsed during the sinking, with one crashing onto the Kuznetsov and leaving a large gash in its hull. And recovering and repairing the PD-50 could take as long as a year.
Summarizing:
For want of a nail the shoe was lost.
For want of a shoe the horse was lost.
For want of a horse the rider was lost.
For want of a rider the message was lost.
For want of a message the battle was lost.
For want of a battle the kingdom was lost.
And all for the want of a horseshoe nail.
Causality’s complicated stuff, especially if someone is manipulating yours down near the root of your event-tree.
Here’s a spoiler for Season 2’s main plot-line: we discover that a foreign power designed the F-35 program to suck up a huge chunk of the US and NATO allied economy. It was never supposed to work, it was just supposed to be expensive.
(I will track this story and will check up on the Kuznetsov next year. Prediction: the “one year” estimate is face-saving. The ship is toast.)
There’s a lot going on here. We could be looking at the death of big navies and the first stage of transition to missile-boat fleets. In the current battle environment, ships like the Kuznetsov are just juicy targets. I believe the British Royal Navy – formerly the world’s premier navy – is down to one mid-tier aircraft carrier and a dozen other ships. I.e.: you could probably sink it with a single salvo of missiles. The US Navy is absurdly expensive but it’s basically the only major navy left.
sonofrojblake says
Bless you for wildly overestimating us.
We’re down to TWO aircraft carriers, which when you float them by the side of a Nimitz-class ship look like bathtoys. But they don’t have steam catapult/arrestor wire systems, and as a result, you can’t launch conventional aircraft from them. That wouldn’t be a problem, except the old Sea Harriers we used to have have been retired. Their replacements are – can you guess? – F35s. The short-take-off version… except we haven’t actually got any of those yet and we’re not expecting them to be operational for some time. So…
If by “aircraft carrier” you mean “ship that actually has some operational war-capable fixed wing aircraft on it”, the UK is currently down to NO AIRCRAFT CARRIERS AT ALL. ffs
sonofrojblake says
Small erratum: one of our “carriers” hasn’t been commissioned yet. So yeah – just the one big boat, but if you’re going to call it a “carrier”, for the foreseeable future you need some pretty heavy quotes round it.
Your “one salvo” would have to catch all 20 major surface ships in the same place. And it would need to be entirely unattributable, because we have some nuclear submarines that would be less easy to kill.
Marcus Ranum says
sonofrojblake@#2:
Your “one salvo” would have to catch all 20 major surface ships in the same place. And it would need to be entirely unattributable, because we have some nuclear submarines that would be less easy to kill.
That’s what I mean about needing top-cover before you do anything. Having a nuclear deterrent means “you’re going to lose worse for all versions of ‘lose’”.
Since they are US-made and US-maintained missiles they probably only work on geofenced areas anyway.
Marcus Ranum says
Without aircraft carriers how is the UK going to ship its F-35s to Turkey for engine maintenance? “Hello FEDEX? We have a really big box for pickup.”
Unrelated: not much notice in the US media about how the Air Force left half of their remaining F-22s behind to get flooded in the hurricane. “The good news is now you have spare parts! The bad news is your complement of air superiority fighters is around 25”
Reginald Selkirk says
Unlike with conventional forces, with cyber you have to acknowledge the possibility of rogue individuals. Why would the Chinese government want to cripple the US power grid? That might not be clear. But it could be that some teenager in Sichuan got suspended from school for a few days, so decided to expand his mad hacking skillz.
Jazzlet says
Oh I’m sure the Tories will come up with a creative solution. After all this is the party that have appointed someone to negotiate Brexit who didn’t actually know that Dover is the most important port for goods going to and from Europe. What could possibly go wrong?*
* Quite apart from anything else, I’m worried about all the medicines I take, two come from Spain, including one that’s both an anti-depressant and a nerve blocker, stopping that suddenly would not be a good idea. And how many of the medicines that are produced in the UK require ingredients from elsewhere? They’ve been buying up fridges so they can stockpile insulin, because that’s not made in the UK or not in sufficient quantities and they haven’t the capacity to meet the full demand (can’t remember which) so bad luck to all the Type I diabetics out there. It’s a fucking mess and it’s not going to be the posh prats who caused it who suffer any of the consequences.
sonofrojblake says
You jest, but you’re probably not far off. Except the private contractor who ends up shipping them will happen to be the one that, by that time, is employing on a “consultancy” basis the very people responsible, years previously, for the need for such a contract in the first place. Bonus points if they’re related to anyone who owns the company.
If basic foods and medicines stop coming into this country, what happened to Jo Cox will look like a fucking picnic compared to what will be done to any Brexiteer Tory not surrounded by concrete and barbed wire. The entertaining thing is, I don’t think for a minute that the clueless fuckwits like Karen “people who are nationalists don’t vote for unionist parties” Bradley and Dominic “I didn’t realise Dover was important” Raaaab have even considered the idea that they might become targets, and that the police force that their party have systematically gutted over the last decade might be unable to protect them, or quite possibly disinclined to try.
lanir says
You assume sensible planning around the US nuclear arsenal. This is a prudent train of thought for people who do not live in the US. It is a very foolish assumption for anyone who does.
The second biggest tragedy of nuclear armament after trivial matters like mass extinction is that almost no one can afford to laugh at it. I’m not sure if the US is unique in this regard but here there’s a 3 Stooges routine regularly (and unintentionally) performed by those who maintain the nuclear arsenals.
komarov says
Sorry but that overtaxes my suspension of disbelief quite a bit. Corrupt US politicians and other officials getting behind an overpriced doomed-to-fail megaproject because they get to skim a bit sounds much more profitable* plausible. Foreign powers might try but they could never hope to compete with the local “elite” trying to ruin everything for their own benefit.
* Interesting typo. I seem to be getting ahead of myself.
—
Re: sonofrojblake (#1):
So you still have helicopters… no, wait. Those were retired, too, weren’t they? Makes me wonder if there is a rotor-based version of the F-35 yet. I’m guessing there is. It’s probably just a CAD doodle made by a bored intern but it has a price-tag and a long list of orders.
—
Re: Marcus Ranum (#4):
Sounds fine if you assume maximum corruption. Someone will have to order new fighters. How about those amazing F-35s? It’ll be a boon to (very select parts of) the economy. And a bane to the taxpayer, but they don’t get a say in the defence budget anyway.
Incidentally, were I a shipping company I’d jump on the chance to ship F-35s wherever you want them. Maybe I could subcontract the British Navy with their idle aircraft carrier. Or I might ship it in pieces documenting every piece veeeeery carefully to make sure I can put it back together at the destination. And are you having issues with your shipment after delivery? Well, I hope you can prove it worked when we picked it up.
komarov says
I’m starting to worry about how the BBC always manages to time their articles so perfectly:
US military ‘losing its competitive edge’
I’ll just scream silently as I have been rendered speechless. If I recover from my near-fatal bafflement, that is.